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Abstract of CN1314638 

The virus detecting and clearing method includes 
the steps of: simulation of computer environment; 
providing several virus infecting objects or lure; 
loading the detected object to simulated 
computerenvironment and activaing to induce 
virus infection and to generate infected standard 
sample; comparing the infected object with 
original infected object to judge whether or not 
there is virus; virusanalysis and learning to 
analyze standard sample and to extract virus 
related information and knowledge; and clearing 
virus and correcting the virus modified key 
information. The present invention can detect and 
kill known and unknown virus. 
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Abstract of CN1314638A 

Title: Method, system and medium for detecting and clearing 
known and anknown computer virus 

The virus detecting and clearing method includes the steps 
of: simulation of computer environment; providing several 
virus infecting objects or lure; loading the detected 
object to simulated computer environment and activaing to 
induce virus infection and to generate infected standard 
sample; comparing the infected object with original 
infected object to judge whether or not there is virus; 
virus analysis and learning to analyze standard sample and 
to extract virus related information and knowledge; and 
clearing virus and correcting the virus modified key 
information. The present invention can detect and kill 
known and unknown virus. 
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15 *J*f*£#*4; 

*4*Nf*»#9 INK, ft f*W*ft**t#, J* 

t**t^H (CPU) $#i4Mt, fl^»CPUtf#* ; 
25 *Mt&& (OS) m*$W, R-f&to OS &f*tiJMM£*>44t4fc 
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^4, fete DOS *.#S!ifHT, t DOS com ^ DOS com 

JfltttflDOS ?|-9-JftB, ^IfiMDOS ?|-^M^4; W0RDiL#» 

6, *»*L^'J* 5 #ri£tf#&, ^-t^f^» OS DOS, 
WINDOWS, UNIX . 

15 ^>t$"^4. 

fflft*. i.fl4^E^tf,£tf 0i£+tf£i*)4E, *4MMrfl*B, il 

i+ . £ it » Ji»-^it #^^4# « 
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11, dMM«]*j|U0 *tW+#MM/C&^: 

15 + £*tsn ( CPU ) #&JMt, ft T&fy CPU m%4-, 

(OS) os fe^ti********* 

MM; * 

fluttf-JWfrtf CPU, OS JM*^HHJt-&-. 

12, dMa.**** ii *tW^MI^T> 

25 DOS iUHHfHt , flf DOS com^*/f ! NML DOS com ^3* 

4; «-&#dos 51-MB, flf#&D0s ?i-ME3^4; woRDiLlf 

13, *«M']*# 12 *r&ti*tt, *ttfW--*t*tf*#*#*fl 



01117726.8 ft « S * JS4/535 

15, *"M4*j£ 14 ^rii^Mftt, &t#NM£& OS DOS, 
5 WI NDOWS , UN I X 4f - £ *t$Mt $ . 

16, 10 %&&4l:ftte$jLjk&&At&-k, 
15 18, **tf«J*# 11 

£ 4 + tf^-* * «M # £ ***** . * 4 $ W A 
*^flUE**tit— fc#5l-^E, iL#^SMt, 4M*E, & 

20 if ^-^>t#^Ji»-^t^^#^^^4^ 

« *t % X * * * * . *Jt 44 # 

*; 
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5 4MM»* 

20 j&4. 

25 te###&#&##*4&##^#*^#- ( ?P£4 

A4#4Mi»AA4#4K^. jW^*4*M***fe****4. *P44# 

9 T^6^^j|i^*J^^4^*4^^i^/""**4-» 
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tf«#£4#M^*frfW. SiW-^iUM^**!* 
£^4**£tf**£*t£#. » — ~&^4iM3tf*£*& 

10 *ft m$mf% > 

£;£&#4> *»*4^**4**. «k*iife4HMP#*4 
4fcfrtf*|-&. «jLitfl , **^j|fefll«.#*4^*-4.«*4-R**T*fe* 

15 4. fjiPTfr^jt. #jf.jiaat^rtfe**.*»*4^iLM4/ t A'fcst^r^^ 

20 ^^^ttoi^i^ibe,^A^^4^^*^ •fc* , J#$4*fc£. 
^4^i»m, •6«fe^«iifcjft*.^4tei^*.*»*4^'S'4. 

ifc. ^^ji^^+A,44^^4^^M^Ax^^^^#^^f : 
25 ^4^A-^L<tl&**f^T1ife'ti; fc*$&&M**.*»£4tf*#*-& 

£*uBM«jN*, ^-^if#^Ji»-^+^^4#^^#^>i^t 
30 £**4&&; ^A#^J^^l»J^ii»^i+#W^t; 
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30 sO***tf**4t**. ft&lVstfim 
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15 WBiJLW 

mm. 

m 2A-2C *4T4^iL9l^^^«Hh#^^4^**^^* 

20 

*t#*4. iiii**J-^^«***ife^J«r«a^«*^4- 
A*. 4.tR*J*4**A**. <b*. fc-f^JWrAftte, ^iHt-e 
25 lllltt, St^eM-fc^A**^*}"*., #JP*T&*r , 

4*«i#WM*«ih#4u^^Hll»T*f4^#.. flit* 
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•koft format.com> sort, com %-3LVr\$%L DOS com ^! M debug, exe 

5 lable.exe ^X-fti^ DOS exe ^^4; 4fcifc*l-M* 

*£&i.?l-fS&E#& DOS boot ^^4; ffi notepad.exe. 
word, exe ^jrJHML WINDOWS pe 3! #4; 

25 -^T***i-^MMMf^^ifL^^t*-W>b 2. iti+#*L 1 

cpik os)» >M#*lNfc4M#A. Wfc*) 

( B t*.#* ). ***44>t 2 ****** 1 CPU + 

**** 51-MB. «*^Z*HTftiMHfrtiit# 
30 AftiMFTftf***^*.. 
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1 0hr, i£**4*& 2 fejf — 3, ^t^TA# 

**** 19 2>j»tfit»«t, #4Mi***ta*JM,***+it 

5 ##Lj&*frsT»Slk&£&# CPU5. 6, (OS) 7, 

ti**MMW**9, 11 
/t 10, ^ t##T&#£-&*J-& 19 3|t\f>|*til*&if-£*L 4 t^f^T, 

io MWf.^W'f ii 19 *rte*Mr#£4*tii*#fc 

4fc£tt5l*AB*<P4H*&Jfe, 13; -^#tfc 

15 13 -5**Ltttf #>MHt 11 

44Mta*+*^*^it«; -*4^4f#9J|Mt 14, fl-HMfrW&ft 
u ****4££-Att#*#* 13 jt^4fr*4AJ|fc*riUtiJft. 

£ftl&#-&£tf*t& 16. *ifrlfr*4M*$xf$. 16 

4>t 17 4jt^J4frA^#*4^"t- 19 -h, *»^4tfM|-£. 

CPU) 5> A&ttJMt&tt 7, £&tfi+##i*h^#*B£-£- 8. 
30 ftf*^^<^**ll«i4M**lU^*jfc«*A4»**. 
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ft*Ato CPU5 X# S0 f tcpu ( ) ( ftttg&Aft&ti CPU ). sof tcpuO 

a*.-*** cpu sof tcpu omifr&mikm, itM. 

-H*i£tf CPU, flfc&ff*-44^^#jE*j|HHUf. »fr-Wh 

**** CPU fclUfMW loftcfiuOttttitff. **A£CPUft*tfr 
5 softcpu O-klMMNMxT*; ***$ CPU iXteM%4*, 

softcpu 0&#iU*, softcpu 0 CPU 
tt, # softcpu 0 ^ii^^CPU#>ft^/5t^XtjSL(^*»: 
BlOS&tf, >&;k)££&ft*t&, softcpu OlM^/ifrJfrtf 
BlOS&tf, 

10 softcpu 0*;MMM-£CPU#4Hfl-*,Mfc*je,, ^tf/fl 

*/JJ 0***3. 

Intel if##lj:tf£* t softcpu Intel 

^ CPU; ****** MAC *M^#**, softcpu Oft&ti&IIAC 
15 CPU; **. 

^^&&is.#£#£*##&T, **k**W. *&«MMt 

%%l 7 *bt*«*i*4^^-^#^*tt,. 7 T^fc^- 

*» DOS WINDOWS 95 

UNIX i&T^S*^, *J***!JI 

20 tf-*£*fcfl|, mmti&tt$#L 1 ft^**#i£tf *#*ft** 
A*. ***** DOS **M»^##Mttxi^D0S^A*l#^* 
«t; ****** WINDOWS 95^4. i£&&#)$ktf?$.%L3&.M) WINDOWS 95 
^*«Hft#*«t, **. 

4 ;***tttt^JM"h#*#ifc* 8, & 

25 £**&*t##LJf4fc+, #^^^t^l^ 

##4^h^*«ft*^^9^^*^^4HMt*«4^J| , Fp**# 
**ix£*fflt, tftf*iLftti**iMfc*Fft*, *^A*u»*t^ii'tt- 
A **»*iF**t«ik t . 

*J**iWlti-***«, tf^#tt*f#4M^**ft* 8 fcte 
30 - W«if#«W>l 4 m tt*#*f^*M**ik*A**a 
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ft & £ W W AIMUfc JMr^UElf . *»# A E * , 

5 e, iNMMrfi*a, #-@^e, 

■f DOS $ ft# 10. SYS MSDOS. SYS COMMAND. COM ), U&ft 

it-fr ( *j-f DOS 3t^«! DOSEXE. EXE DOSCOM. COM f 

it f 5 ) £ fctititA » is- R Mj&&&& £ # B . 

<&, tfisofrfl/tfj&ft&Atti. 

3S£tf£^&#J hard-disk. struct j^4S[*|iA«tit^*^* 

20 -51-Ht, -I^^WfW^ 

fejtfc ft ft W , jKJMUiJWMMUtrt # 

25 #. 9 B , iil^l^^t^ (^tf DOS $ ft £ 
10. SYS, MSDOS. SYS, COMMAND. COM ), # A$ A *J # # i^X'ft ( 
DOSEXE. EXE, DOSCOM. COM ), £#r$ tflMt'tS/fr* £ A,+ L 
afltf— -M^'J, ^TUAifrt— floppy-disk-struct 

30 A # #r # & A , **#*T>3t#.**£->5£*££ 
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360K, 720K, 1. 2M, 1.44M#&it. 
5 -ti£tf&& CPU5, 6, Aft OS 7 f-^^#-^L*P^^ 

10 &34tt4r#. *»*.#*4*M^-4.Wfi-^3it*Jit'ff (DOS exe 

DOS comjUt* DOS bat Windows NE & PE X# ), 

#&;i#/fTM&; *>£#£4*t££ WORD f * **Mf*tfiU*aWh 



15 Jiii#*iHfa^ft*A*i«^«t"tfiI, fete^WtflJtofrttW. 

/fJfi*ML#N>']*t&tt£4. *»*4ttCIH£4 (44/1 26 B4L^)» 

20 £££ DOS ^4. DOS WINDOWS 95 £4. * 

^WINDOWS 95 Ms ****** WORD ^4. WORD iL#; f 

*A4£*> ft*jfe**.*^6**4**^ff«I^T*fr*. ***** 
At. rtJMMJte*4 "Wo" tfT&**fefca. **.iHWfc*4** 
30 T, te*JMHttlUM*4f*A. 
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DOS com &&ft&im&ti£^TfrfyZ.#> &Kfifr 

5 J.60K4Ua]*.'h*f (IK, 2.5K, 12K. 20K, 30K, 

40K #); ^* + iL#^^-^8^^'J^ Jmp, call, mov, xor 

jLi£#;fM^tfi£jD£T#k& DOS exe g*Ht&, &te#J&i£ 
10 ^i^llfW, £5t#*At^J5'J# 0x20, 0x200, 0x400, 0x600, 
0x800 4f/l#, iL-frAt^'J^ 4K, 10K, 20K, 40K, 80K ^;Ut, 
&J$— %&>hfrM%% 0x00, 0x03, 0x80, 0x87, 0x100, 0x198 %Jl 
*h 0x00, 0x01, 0x02, 0x04, 0x10 ^/UM&* 

XitmmWi9iS.^^tm\^mm^ MSDOS, 
PCDOS, DRDOS, WIN9X ^j&&##fl/M^fl4>ftKJO,fl4>&E#£ 

20 Jiit5l^^H«f*iAfc^^H'*' MSDOS, PCDOS, DRDOS, WIN9X 

At, W0RDX#, /8t#iL*)*-W*. 

25 1 M4IIM^>L 10 *'J 

**4#*i.A*tl0+***Ji**. JMMfr, 12 
30 4A*#jS.*>L 10 t##*4*t»j£^ff«I^^*^^#^ 
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^MLHtf-H^*!. DOS «t&# DOS fW^4Si 

&Jii££4Rrt#> DOS exe, DOS com 3Mf4Mf\ 

ft. VLdMLSj* **J^tt#*4tfM##*#*13. 

10 xt-f3UHStf4. 

&+##.^4&£^#$l^t&, £JUiifc&##*13. 

#ri£###*. 13 **#4A*tt##i^*#-**#4 
A*******.*.. fc**£A*4*+f]ttf**.'K A ******* 

i #JM^9itt-*£**!l. £&##&4-^tf *$4 
f^*ii4, x##;f#^*r^, t^Jiii#;t#^ii4^A^#^ 

Jf SS'J. j$4# g*W^^#^+**^AiL#^^*»iR&^: ^4 

xt-f-fiftDOS com ^^4, if^4#3^ 14 ftA*" 
tR: 1.^4tfKt*.'h; 2.4SfJJt*.JS^ft4.^*^A^4«e*« 

30 &n WW^AiiH-M^^ttA***^****^*^**^^ 
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#4, 14 m^^m^^^^^ff^. 

i^MAi*#:4^^4>#lt#-^15WJiii^4#^^14^^^ 

^4#^A^io^^4f ^^i4i^^4-#^^4^^^it^#^/f 
M*4ft^&*bUINNM. 15 W^WSib^^^^ 

>H**'], ^flJttfiNMM. 15 JfrliMHi DOS com 32^4 

25 £J3']i&#T— 2. DOS comi:^A^^i+#to^ 

#JJ'J£& CPU Cs &tf*MfcJfc*t#JL*#* IP 

0x0100 Bt#jh; 3.tf##*4it#fr4££#A+*.'K -f^tf 
DOS com ft DOS comX^At^'J* 

A"**.*; 4.A.A-f^H# DOS com ?P-te^&fl4 CS: IP 

30 tf&f'J CS: IP+-f # # DOS con 
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S 2A, 2B, 2C^&T«L B ^£#^4tf^&#— ^&^#'Jtf&# 

5 £4*»#4*t3£. 2A #hF, MJStA, IfeAA 

19 sion, ^nmt^^t^^tif^mt 

(S102). TUfe^-fctfxtfc, M^^^^S^JiiliWM«4 
10 *»: *. exe, *. com, *. bat, .doc, PE^NEiL-ft, J&A?!-^ E&i?! 
txt. 

dML&jN* S102 t. ^^&M*tf#oWi&f4s+£-, 
#^S103, &4T&&£&m; ■bfmitt$-X rs r&%4r, *>%X^&At 

CPU, #&os, A^-*p^H**4h(-stit. #■ 

?l-!4SfW. £iM*S105, |tAJr*#**)tHL 19 
#A&^#M&*t. £#^S106, ^E.^rii»^i+^^t^fft 

S107+, ^*f4.*^rilHf***. 3-*aj, £#*si08 +*J*N*£ 
M&ftikM 51 A EL 4, *»0M££&rt4fcAfl 5 I £ 1 4. 
30 Sill; £J3'J, fc4!#tf**r*. £#WS108 t» M'J^rMW* 
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4*WHlHf S107, 

io® 2B sin 4Mr^*#*4*J-*^r4. 

5 #£*£4£2!> *n*a4Aw>saft4» £*£4* fl-MB^M^MF. 
«ati#*sii2, n^/«***4. >fl/**$££4> 

rfi M*tf &f 4<K>4Mr> S109, £4&£. 

ifcJ.jN*S113. 

io sii4 t, *J«^ii.*4*^*.i4*.^*f^A^#>Mf*.. 

$mX&&> *|a£j.;*MfcS116; ■fr$m%&&6 i ), JB'Ji&J-S 2C 
J&S120. 

15 S116 t» *Jfc*4*i.tf£&#te&»#*4**£*>fr 

(^*S118), «, *4*A (Hr*S119). 

*»S2Cflr*. £#3fcsi20t> ^i4.^4#^*Li4^#;##^t 

# 1.^4**»&*£^*£*; 2. ^4^^t virus-size; 3.^ 

data-offset-in.virus (#*fr£4#>) . 

S121 t» ^4tW>tl5^J^^4#^^14^rt^ 
25 ft****************. tMA4^A^A 

DOS com **4 i. 2. $4#^t 

virus-size; 3. $4* &T^i.#£-M^ 1*; 4.^4^*^.^*-=- 
^ ftftef. data.off set.in.virus tfa*t^4fr) . $iHfrJJM4£* 
30 :faT: l.i+#^4#£*# + ##J. virus-offset.in-file # 
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*4it#^f fils-size^,* £4tf*f virus. size; 2.it#££ 
tf&t. data-offset-in_file(^xt^iX^) #■ f 
virus.offset-in.file + data.offset-in.virus ; 3. $ 
data-offset.in-file &tt5.*1*£*tf £*frtf*.2.*?; 4..fc#£ 
5 4-3t#MJi-«p## virus -size 

Sfr. W (#^S125); *»;*.. l'JiO-#^S123. 

S123 t. ^JL#**^|L(*iJit|L)^**4^2tii^<t 

£##S124, *L4-*4A^. i«JL#Jlll S119, 

25 £l$£3iL. 

MiM. ***4#4fc#*tfe##*#; ft«£«r 

30 ##4-. 
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